package com.core.reach.oauth2server.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

import javax.annotation.Resource;

/**
 * @author Mr_zhangmu
 * @version V1.0
 * @description: TODO
 * @date 2020/6/19 15:41
 **/
@Configuration
@EnableWebSecurity
public class WebSecurityConfigurer extends WebSecurityConfigurerAdapter {

    /**
     * TUserService 实现 UserDetailsService 接口，获取用户信息
     */
    @Resource(name = "tUserService")
    private UserDetailsService userService;

    /**
     * 将AuthenticationManager注入到Spring容器中，认证服务器配置需要用到
     *
     * @return AuthenticationManager
     * @throws Exception e
     */
    @Bean
    @Override
    protected AuthenticationManager authenticationManager() throws Exception {
        return super.authenticationManager();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //使用UserDetailsService，密码使用的是BCryptPasswordEncoder加密
        auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
    }

    public static void main(String[] args) {
        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        System.out.println(bCryptPasswordEncoder.encode("123456"));
    }

    /**
     * security的拦截路径，使用表单认证，并且拦截所有请求
     *
     * @param http http
     * @throws Exception e
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        http.formLogin().and()
//                .authorizeRequests().anyRequest().authenticated();
//        // Security的默认拦截器里，默认会开启CSRF处理，判断请求是否携带了token
//        http.csrf().disable();

        http.formLogin() //登记界面，默认是permit All
                .and()
                //不用身份认证可以访问
                .authorizeRequests().antMatchers("/","/home").permitAll()
                .and()
                //其它的请求要求必须有身份认证
                .authorizeRequests().anyRequest().authenticated()
                .and()
                .csrf() //防止CSRF（跨站请求伪造）配置
                .requireCsrfProtectionMatcher(new AntPathRequestMatcher("/oauth/authorize")).disable();
    }

//    @Bean
//    public TokenStore redisTokenStore(){
//        return new RedisTokenStore();
//    }

}
